Jul 30 2006, 06:12 AM, Post #1
Cosmic Overlord Group: Members Posts: 550 Joined: 26-November 05 From: Chennai, India Member No.: 9,811
This is quite a bit of a problem I am facing, and I cannot point exactly where I am going wrong. I have been lurking around here at the Asta Host forums with regard to login and user authentication scripts and I have got as far as this:

- Starting a session
- Registering a session variable
- Using the variable to check if the user is authenticated or not.
- Authenticating the user through MySQL database
- Logging off the user, by setting the session variable to un-authenticated

I have been able to achieve the following things too that I think are not related to this problem:

- Encapsulate the database handling to a separate source file
- Use a templating system of my own.
- Handle everything in only one page using the querying through URL (this is my requirement due to the templating system I use)
- I want only one file (index.php) to be called with appropriate action requests (?q=login or ?q=logout)

Here is the code I have so far:

CODE
```php
<?php
session_start();
session_register('auth');
require_once('database.inc');

// These $d_<something> variables will be placed in the template
$d_html_head = 'Some portal DART';
$d_header = 'The header - DART';
$d_status = NULL;
$d_content = NULL;
$d_nav = '<h2>Link set 1</h2><ul><li><a href="#">Link 1</a></li><li><a href="#">Link 2</a></li><li><a href="#">Link 3</a></li></ul><h2>Link set 2</h2><ul><li><a href="#">Link 4</a></li><li><a href="#">Link 5</a></li><li><a href="#">Link 6</a></li></ul><h2>Link set 3</h2><ul><li><a href="#">Link 7</a></li><li><a href="#">Link 8</a></li><li><a href="#">Link 9</a></li></ul>';
$d_footer = 'copyright info';
$q = '';

// Database handling part
$dartdb = new dbhandler;
$connection = $dartdb->setconnection( 'dbadmin', 'dbpassword', 'localhost');
if(!$connection)
    $d_status .= "Unable to get a connection <BR /> $dartdb->errorstring <BR />";
$connection = $dartdb->setdatabase('dartdb');
if(!$connection)
    $d_status .= "Unable to select DART database <BR /> $dartdb->errorstring <BR />";

if ( isset($_GET['q']) )
    $q = $_GET['q'];

if ( $q == 'login') {
    // Check the 'user' and 'pass' against database and set
    // 'auth' based on the result
    $loginmessage = "The Employee number or the password given is wrong. Please try again.";
    $_SERVER['auth'] = 'NO';
    $user = NULL;
    $pass = NULL;
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $query = "SELECT * FROM dart_emp WHERE empid = '".$user."'";
    $dartdb->query($query);
    if ( $user != NULL && $dartdb->result != NULL ) {
        $array = $dartdb->fetch_object();
        if( isset($array->empid) && $array->empid == $user && $array->password == $pass ) {
            $loginmessage = "Login successful.";
            $_SERVER['auth'] = 'YES';
        }
    }
    $d_status .= $loginmessage;
} else if ($q == 'logout') {
    // User has logged out. Hence set the 'auth' to 'NO'
    $_SERVER['auth'] = 'NO';
    $d_status .= 'Logged out. <BR />';
}

if( isset($_SERVER['auth']) && $_SERVER['auth'] == 'YES' ) {
    $d_status .= 'Authorized access <BR />';
    $d_content .= 'Content, content. <BR />Logout <A href="?q=logout">link</A>.';
} else {
    //Show the login form
    if ($q != 'logout')
        $d_status .= 'Not logged in. <BR />';
    $d_content .= '<form action="?q=login" method="post" name="login">
        Employee Number: <input type="text" name="user" size="6" maxlength="6" id="user" /> <BR />
        Password: <input type="password" name="pass" size="30" maxlength="30" id="pass" /> <BR />
        <input type="submit" name="login" value="Login" id="login" />
        </form>';
}

// This is the templating system I use. The above $d_<something> values
// are replaced in the appropriate places
require 'template/page.tpl';
?>
```

Now, here is my problem. Once I log in, the URL will be: http://localhost/index.php?=login

After successful login, it will show the content. Now, if I type http://localhost/index.php, it should still be showing the content. But it does not. For some reason, I am losing the $_SERVER['auth'] variable. I am not sure where in the flow I am going wrong.

Could someone please check this and let me know what I am doing wrong, or what more I should be including? Please let me know if you need anything more, or want me to explain why I put the code as I put it there.

Jul 30 2006, 07:09 AM, Post #2
the Q Group: [HOSTED] Posts: 1,022 Joined: 13-July 05 From: Lithuania, Vilnius Member No.: 7,059
I didn't get into your script very much, but isn't it $_SESSION['auth']; you want to use and not the $_SERVER; superglobal?

Myself, to optimize the script, I usually do something like this at the start of the script where I need to use superglobals: $s =& $_SERVER; to use $s as a superglobal. Very convenient, but I don't do this for SESSION and COOKIES as I had problems.

This post has been edited by Quatrux: Jul 30 2006, 07:13 AM

Jul 31 2006, 10:04 AM, Post #3
Cosmic Overlord Group: Members Posts: 550 Joined: 26-November 05 From: Chennai, India Member No.: 9,811
Oh! The _SERVER and _SESSION variables are different. I should have thought about that. I will check this up and let you guys know how it turns out to be.

Aug 1 2006, 12:44 AM, Post #4
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833
Here's an example of my login which seems to work just perfectly thus far:
I do use files split up though. What I do with login.php is display a form with two input text fields and send that to my check_login.php file which checks the information against the database and then registers the session like so:

CODE
```php
session_register('username');
$_SESSION['username'] = $username;
session_register('password');
$_SESSION['password'] = $password;
```

$username and $password being the variables sent from the form that were validated to be correct. If not I just sent them back to login.php?error=incorrectlogindetails or somesuch.

For pages that need to check if a user is logged in:

CODE
```php
session_start();
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
    header("location:login_successful.php?error=loggedin");
    exit; // stop here so the rest of login.php does not run after the redirect
}
```

Which is in my login.php file, if isset is true then they are already logged in and do not need to be here so it redirects them.

And for logging out, it's as simple as:

CODE
```php
session_start();
session_destroy();
```

I'm not sure if it's the best way to do it but it hasn't failed me yet.

Aug 1 2006, 04:15 AM, Post #5
the Q Group: [HOSTED] Posts: 1,022 Joined: 13-July 05 From: Lithuania, Vilnius Member No.: 7,059
I wonder why people here are still using session_register(); Here is a caution: "If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister()."

CODE
```php
function session_delete($sname = 'Current User') {
    # Set Session Name to a Variable
    $name = session_name();

    /* Empty the Cookie from Session */
    if (!headers_sent() ) {
        setcookie($name,"",0,"/");
    }

    /* Remove the Cookie Value */
    unset($_COOKIE[$name]);

    /* Remove all the Info from the Super Global */
    $_SESSION = array();

    /* Free all session variables */
    session_unset();

    /* Destroy all data registered to a session */
    if (session_destroy() === FALSE) {
        return FALSE;
    } else {
        return TRUE;
    }
}
```

And just call the function when you need to log out or remove the session.

Aug 1 2006, 04:20 AM, Post #6
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833
What's wrong with session_register()? It works and is the only thing that worked for me back when I first wrote it lol.

Aug 1 2006, 04:46 AM, Post #7
the Q Group: [HOSTED] Posts: 1,022 Joined: 13-July 05 From: Lithuania, Vilnius Member No.: 7,059
QUOTE
What's wrong with session_register()? It works and is the only thing that worked for me back when I first wrote it lol.

Well, read the PHP Manual and search google on session register, it isn't needed anymore.

QUOTE
Caution: If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

QUOTE
register_globals: important note: Since PHP 4.2.0, the default value for the PHP directive register_globals is off, and it is completely removed as of PHP 6.0.0. The PHP community encourages all to not rely on this directive but instead use other means, such as the superglobals.

Look at this code and read the comments.

CODE
```php
<?php
// Use of session_register() is deprecated
$barney = "A big purple dinosaur.";
session_register("barney");

// Use of $_SESSION is preferred, as of PHP 4.1.0
$_SESSION["zim"] = "An invader from another planet.";

// The old way was to use $HTTP_SESSION_VARS
$HTTP_SESSION_VARS["spongebob"] = "He's got square pants.";
?>
```

session_register() is deprecated !!!

Aug 1 2006, 05:10 AM, Post #8
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833
But if I use $_SESSION alone it won't work for me.... only when I use session_register, last time I checked at least.

Aug 1 2006, 11:24 AM, Post #9
Cosmic Overlord Group: Members Posts: 550 Joined: 26-November 05 From: Chennai, India Member No.: 9,811
Ok. As for the problem I had, it got solved when I replaced all _SERVER occurrences with _SESSION.

But I see that this thread has developed quite a bit since I last left. Yes, I have heard that session_register is deprecated. So, Quatrux, should I just go ahead and use _SESSION variables and not do any session_open() and session_register() functions?

Aug 1 2006, 11:46 AM, Post #10
Teh Coder Group: Members Posts: 1,053 Joined: 18-April 06 From: Australia Member No.: 12,833
I am curious about this too, it'll save me a few bytes of space
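
The flow this thread converges on, as an added example that is not code from any poster: session_start() plus $_SESSION only, with the lookup done through a bound parameter and a stored password hash instead of the string-built query and plaintext comparison in the first post. The PDO/SQLite in-memory database, the sample employee row and the function names are assumptions made so that it runs on its own (it needs the pdo_sqlite extension).

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// first post; the in-memory SQLite database and its one row are constructed.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE dart_emp (empid TEXT PRIMARY KEY, password TEXT)');
    $db->prepare('INSERT INTO dart_emp VALUES (?, ?)')
       ->execute(['100001', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
    return $db;
}

function login(PDO $db, string $user, string $pass): bool {
    // Bound parameter: the employee number never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM dart_emp WHERE empid = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        $_SESSION['auth'] = 'NO';
        return false;
    }
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['auth']  = 'YES';    // $_SESSION persists across requests; $_SERVER does not
    $_SESSION['empid'] = $user;    // keep the identity, never the password
    return true;
}

function is_authenticated(): bool {
    return isset($_SESSION['auth']) && $_SESSION['auth'] === 'YES';
}

function logout(): void {
    $_SESSION = [];
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();                   // the only call needed; no session_register()
$db = demo_db();
$q  = $_GET['q'] ?? '';
if ($q === 'login' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    login($db, (string)($_POST['user'] ?? ''), (string)($_POST['pass'] ?? ''));
} elseif ($q === 'logout') {
    logout();
}
echo is_authenticated() ? "Authorized access\n" : "Not logged in\n";
```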
Lo-Fi Version | Time is now: 5th September 2008 - 06:31 AM |